jdormit/jdormit-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Finish wallabag packer image

Browse Source
This commit is contained in:
Jeremy Dormitzer 2021-01-07 10:48:14 -05:00
parent 5b62b7f658
commit b9458e9fa2
10 changed files with 208 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
prod/wallabag/packer/.gitignore vendored
View File

@ -1 +1,4 @@
files/wallabag-params.yml
files/wallabag-params.yml
files/clients.sql
tmp/
certbot/

26
prod/wallabag/packer/Makefile
View File

@ -5,8 +5,32 @@ packer-manifest.json: wallabag.json \
scripts/wallabag.sh \
files/wallabag-nginx.conf \
files/entries.json \
files/wallabag-params.yml
files/wallabag-params.yml \
files/clients.sql \
certbot/live/wallabag.jeremydormitzer.com/fullchain.pem \
certbot/live/wallabag.jeremydormitzer.com/privkey.pem
packer build wallabag.json
files/wallabag-params.yml: templates/wallabag-params.yml.template
sigil -p -f templates/wallabag-params.yml.template > files/wallabag-params.yml
files/clients.sql: templates/clients.sql.template
sigil -p -f templates/clients.sql.template > files/clients.sql
certbot/live/wallabag.jeremydormitzer.com/fullchain.pem certbot/live/wallabag.jeremydormitzer.com/privkey.pem &: tmp/do.ini
certbot certonly -n \
--agree-tos \
--email ${CERTBOT_EMAIL} \
--dns-digitalocean \
--dns-digitalocean-credentials tmp/do.ini \
--config-dir ./certbot \
--work-dir ./certbot \
--logs-dir ./certbot \
-d wallabag.jeremydormitzer.com
tmp/do.ini: templates/do.ini.template tmp
sigil -p -f templates/do.ini.template > tmp/do.ini
chmod 600 tmp/do.ini
tmp:
mkdir tmp

21
prod/wallabag/packer/files/wallabag-nginx.conf
View File

@ -32,8 +32,29 @@ server {
return 404;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /var/www/wallabag/fullchain.pem;
ssl_certificate_key /var/www/wallabag/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
error_log /var/log/nginx/wallabag_error.log;
access_log /var/log/nginx/wallabag_access.log;
client_max_body_size 512M; # allows file uploads up to 512 megabytes
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}

47
prod/wallabag/packer/packer-manifest.json
View File

@ -62,7 +62,52 @@
"artifact_id": "nyc1:76467390",
"packer_run_uuid": "bbdb5c8d-a7c7-9f7b-ea51-efb20dea80d3",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609969544,
"files": null,
"artifact_id": "nyc1:76475302",
"packer_run_uuid": "0ee078df-61d1-ca71-55ad-54af353951bc",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609970473,
"files": null,
"artifact_id": "nyc1:76476102",
"packer_run_uuid": "b63fe1c4-a1e1-4e5e-be44-6a55b81fe342",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609971370,
"files": null,
"artifact_id": "nyc1:76477000",
"packer_run_uuid": "2baa8d5b-496a-45cf-ab6d-143923b65079",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1609976881,
"files": null,
"artifact_id": "nyc1:76481960",
"packer_run_uuid": "49264f22-48ae-4a65-dd29-b79edd3f81e6",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1610030808,
"files": null,
"artifact_id": "nyc1:76519919",
"packer_run_uuid": "407ebe24-29e2-fe61-80fe-b46b8cffd12b",
"custom_data": null
}
],
"last_run_uuid": "bbdb5c8d-a7c7-9f7b-ea51-efb20dea80d3"
"last_run_uuid": "407ebe24-29e2-fe61-80fe-b46b8cffd12b"
}

3
prod/wallabag/packer/scripts/nginx.sh
View File

@ -2,6 +2,9 @@
set -xe
sudo mv /tmp/fullchain.pem /var/www/wallabag/fullchain.pem
sudo mv /tmp/privkey.pem /var/www/wallabag/privkey.pem
chown www-data:www-data /var/www/wallabag/{fullchain,privkey}.pem
sudo mv /tmp/wallabag-nginx.conf \
/etc/nginx/sites-available/wallabag.conf
sudo ln -s /etc/nginx/sites-available/wallabag.conf \

1
prod/wallabag/packer/scripts/wallabag.sh
View File

@ -16,4 +16,5 @@ cd /var/www/wallabag
make install
php bin/console --env=prod fos:user:create jdormit jeremy.dormitzer@gmail.com "$ADMIN_PASSWORD" --super-admin
php bin/console --env=prod wallabag:import --importer=v2 jdormit /tmp/entries.json
sqlite3 /var/www/wallabag/data/db/wallabag.sqlite < /tmp/clients.sql
EOF

91
prod/wallabag/packer/templates/clients.sql.template Normal file
View File

@ -0,0 +1,91 @@
--- -*- mode: sql -*-
BEGIN TRANSACTION;
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
1,
id,
'${WALLABAG_WALLABAGER_ID:?}',
'${WALLABAG_WALLABAGER_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'wallabager'
FROM
wallabag_user
WHERE
username = 'jdormit';
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
2,
id,
'${WALLABAG_ANDROID_APP_ID}',
'${WALLABAG_ANDROID_APP_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'Android app'
FROM
wallabag_user
WHERE
username = 'jdormit';
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
3,
id,
'${WALLABAG_IPAD_ID:?}',
'${WALLABAG_IPAD_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'iPad'
FROM
wallabag_user
WHERE
username = 'jdormit';
INSERT INTO
wallabag_oauth2_clients (
id,
user_id,
random_id,
secret,
redirect_uris,
allowed_grant_types,
name
)
SELECT
4,
id,
'${WALLABAG_WALLABAG_EL_ID:?}',
'${WALLABAG_WALLABAG_EL_SECRET:?}',
'a:1:{i:0;N;}',
'a:4:{i:0;s:5:"token";i:1;s:18:"authorization_code";i:2;s:8:"password";i:3;s:13:"refresh_token";}',
'wallabag.el'
FROM
wallabag_user
WHERE
username = 'jdormit';
COMMIT;

1
prod/wallabag/packer/templates/do.ini.template Normal file
View File

@ -0,0 +1 @@
dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}

2
prod/wallabag/packer/templates/wallabag-params.yml.template
View File

@ -7,7 +7,7 @@ parameters:
database_name: null
database_user: null
database_password: null
database_path: /var/www/wallabag/wallabag.sqlite
database_path: /var/www/wallabag/data/db/wallabag.sqlite
database_table_prefix: wallabag_
database_socket: null
database_charset: utf8mb4

15
prod/wallabag/packer/wallabag.json
View File

@ -28,6 +28,11 @@
"source": "files/entries.json",
"destination": "/tmp/entries.json"
},
{
"type": "file",
"source": "files/clients.sql",
"destination": "/tmp/clients.sql"
},
{
"type": "shell",
"environment_vars": [
@ -35,6 +40,16 @@
],
"script": "scripts/wallabag.sh"
},
{
"type": "file",
"source": "certbot/live/wallabag.jeremydormitzer.com/fullchain.pem",
"destination": "/tmp/fullchain.pem"
},
{
"type": "file",
"source": "certbot/live/wallabag.jeremydormitzer.com/privkey.pem",
"destination": "/tmp/privkey.pem"
},
{
"type": "file",
"source": "files/wallabag-nginx.conf",